1. Field of the Invention
This invention relates to a technology for guaranteeing security of a security object inside a security zone that only specific persons are allowed to enter and leave.
2. Description of the Related Art
A technology described in JP-A-09-198501, for example, is known as a technology for managing the admission and leaving of persons to and from a security zone that only specific persons are allowed to enter and leave. This technology verifies the biometric information of an authentic person recorded in a management device against the biometric information of the person passing through a door of the security zone, permits admission of only the authentic person and prevents admission of unauthorized persons into the security zone.
On the other hand, JP-A-10-124668 and JP-A-10-149446 describe a technology for protecting security of a security object when the security object is an access to a computer system comprising a server and a client.
The technology described in JP-A-10-124668 centrally manages the biometric information of the authentic persons in the server, verifies the biometric information of the person accepted by the client with reference to the server when utilization of the computer system is initiated, and permits the authentic person to gain access to the computer system while preventing access by unauthentic persons.
On the other hand, the technology described in JP-A-10-149446 issues a portable storage device recording the biometric information of an authentic user, such as a smart card, to the authentic user, has the client read the biometric information of the user from the portable storage device carried by the user when utilization of the computer system is initiated, and permits only the authentic user to gain access to the computer system while preventing access to the computer system by unauthentic users.
When security of a security object inside a security zone that only specific persons are permitted to enter and leave is to be protected, none of the prior art technologies described above interlocks security of the security zone with security of the security object. In other words, the prior art does not employ a construction in which only a person who has entered the security zone authentically is permitted to gain access to the security object. Even persons who have entered the security zone unauthentically can gain access to the security object. Therefore, the prior art is not yet sufficient for securing the security object. Even when it is desired to permit only specific users to enter and leave a computer room and, moreover, to permit only the specific users who have entered the computer room authentically to gain access to the computer system installed inside the computer room, the prior art technology described above cannot exclude access to the computer system by unauthentic persons who have entered the computer room.
The technology using biometric information for verifying the authentic person can execute authentication with a relatively high probability. However, because the technology described in JP-A-10-124668 centrally manages the biometric information, which is information inherent to the users, in the server, the psychological resistance of the users is great and a large amount of biometric information is likely to be stolen at one time. In addition, to manage a large number of users, the management cost of the biometric information in the server rises.
On the other hand, the technology described in JP-A-10-149446 needs a reader of the portable storage device such as the smart card and the verification function of the biometric information for each client. Therefore, the system configuration cost becomes high.
To protect security of the security objects existing inside a security zone that extends to a plurality of zones and that only specific persons are allowed to enter and leave, each prior art technology described above needs a management device for each door communicating with the plurality of security zones and registration of the biometric information of the authentic persons in the servers of the plurality of security zones. In consequence, the management cost rises, too.
It is therefore an object of the present invention to improve, at a relatively low cost, security of a security object in a security zone that only specific persons are permitted to enter and leave.
It is another object of the present invention to improve, at a relatively low cost, security of a security object in a security zone extending to a plurality of zones.
According to one aspect of the present invention for accomplishing the objects described above, there is provided a security system for permitting only an authentic person to conduct a security object action inside a security zone, comprising: a portable device issued to the authentic person and storing verification information capable of verifying authenticity of the portable device and inherent information as information inherent to the person to whom the portable device is issued; security zone security means for verifying authenticity of the portable device by using the verification information stored in the portable device carried by the person intending to enter the security zone, permitting the person carrying the portable device whose authenticity is verified to enter the security zone, and refusing entry into the security zone to the person carrying the portable device whose authenticity is not verified; storage means; inherent information read means for reading the inherent information stored in the portable device, from the portable device whose authenticity is verified and which is carried by the person entering the security zone, and storing the inherent information in the storage means; information input means for accepting the input of information by a person intending to conduct the security object action in the security zone; security object action security means for permitting the person to conduct the security object action when the inherent information matching the information accepted by the information input means is stored in the storage means, and refusing to let the person conduct the security object action when the inherent information matching the information accepted by the information input means is not stored in the storage means; and leaving management means for gaining access to the portable device carried by the person leaving the security zone, specifying the inherent information that the inherent information read means read from the portable device and stored in the storage means, and erasing the specified inherent information from the storage means.
The security system described above keeps the inherent information only while the person remains inside the security zone, and can therefore prevent a large amount of inherent information from being stolen at one time. Since the person uses the portable device only when he enters and leaves the security zone, a reader for reading the portable device need not be provided at a terminal, for example, used for the security object action inside the security zone. In consequence, the security system can lower the build-up cost. The security system can exclude the security object action inside the security zone by a person who enters the security zone unauthentically. Even when the biometric information is used as the inherent information of the user, the security system can ensure that the biometric information is persistently stored only in the portable device, so this security system can mitigate the negative feeling of the users.
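The interlock described above, written out as an added example that is not part of the original specification. Assumptions: the verification information is modelled as an HMAC tag over a device identifier, the inherent information as an exact-match string rather than a biometric template, and all names (ISSUER_KEY, issue_device, SecurityZone) are hypothetical.

```python
import hashlib
import hmac

# Assumption: the zone's gate can check a tag written at issuance.
ISSUER_KEY = b"constructed-demo-issuer-key"


def _tag(device_id: str) -> bytes:
    return hmac.new(ISSUER_KEY, device_id.encode(), hashlib.sha256).digest()


def issue_device(device_id: str, inherent_info: str) -> dict:
    """Portable device: verification information plus the holder's inherent information."""
    return {"device_id": device_id, "verification": _tag(device_id),
            "inherent": inherent_info}


class SecurityZone:
    def __init__(self):
        # Storage means: holds inherent information only for persons inside.
        self._store = {}

    def enter(self, device: dict) -> bool:
        """Security zone security means plus inherent information read means."""
        presented = device.get("verification", b"")
        if not hmac.compare_digest(_tag(device["device_id"]), presented):
            return False  # unverified device: no entry, nothing is stored
        self._store[device["device_id"]] = device["inherent"]
        return True

    def permit_action(self, input_info: str) -> bool:
        """Security object action security means: match input against stored info."""
        probe = input_info.encode()
        return any(hmac.compare_digest(probe, held.encode())
                   for held in self._store.values())

    def leave(self, device: dict) -> None:
        """Leaving management means: erase the record read from this device."""
        self._store.pop(device["device_id"], None)

    def stored_count(self) -> int:
        return len(self._store)


if __name__ == "__main__":
    zone = SecurityZone()
    alice = issue_device("dev-001", "alice-template")  # constructed sample values
    print(zone.enter(alice), zone.permit_action("alice-template"))
    zone.leave(alice)
    print(zone.permit_action("alice-template"), zone.stored_count())
```

The terminal inside the zone only calls permit_action, so it needs no device reader, and the store is empty again once everyone has left.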
When the security system is one that permits only authentic persons to gain access to a security object in a security zone extending to a plurality of security zones, the system includes security action security means that uses the portable device issued to the authentic person in common for each of the plurality of zones. Therefore, this system can keep security while restricting the build-up cost and the management cost of the users in each zone.